1/* $NetBSD: postscreen.c,v 1.2 2017/02/14 01:16:47 christos Exp $ */
2
3/*++
4/* NAME
5/* postscreen 8
6/* SUMMARY
7/* Postfix zombie blocker
8/* SYNOPSIS
9/* \fBpostscreen\fR [generic Postfix daemon options]
10/* DESCRIPTION
11/* The Postfix \fBpostscreen\fR(8) server provides additional
12/* protection against mail server overload. One \fBpostscreen\fR(8)
13/* process handles multiple inbound SMTP connections, and decides
14/* which clients may talk to a Postfix SMTP server process.
15/* By keeping spambots away, \fBpostscreen\fR(8) leaves more
16/* SMTP server processes available for legitimate clients, and
17/* delays the onset of server overload conditions.
18/*
19/* This program should not be used on SMTP ports that receive
20/* mail from end-user clients (MUAs). In a typical deployment,
21/* \fBpostscreen\fR(8) handles the MX service on TCP port 25,
22/* while MUA clients submit mail via the \fBsubmission\fR
23/* service on TCP port 587 which requires client authentication.
24/* Alternatively, a site could set up a dedicated, non-postscreen,
25/* "port 25" server that provides \fBsubmission\fR service and
26/* client authentication, but no MX service.
27/*
28/* \fBpostscreen\fR(8) maintains a temporary whitelist for
29/* clients that have passed a number of tests. When an SMTP
30/* client IP address is whitelisted, \fBpostscreen\fR(8) hands
31/* off the connection immediately to a Postfix SMTP server
32/* process. This minimizes the overhead for legitimate mail.
33/*
34/* By default, \fBpostscreen\fR(8) logs statistics and hands
35/* off each connection to a Postfix SMTP server process, while
36/* excluding clients in mynetworks from all tests (primarily,
37/* to avoid problems with non-standard SMTP implementations
38/* in network appliances). This default mode blocks no clients,
39/* and is useful for non-destructive testing.
40/*
41/* In a typical production setting, \fBpostscreen\fR(8) is
42/* configured to reject mail from clients that fail one or
43/* more tests. \fBpostscreen\fR(8) logs rejected mail with the
44/* client address, helo, sender and recipient information.
45/*
46/* \fBpostscreen\fR(8) is not an SMTP proxy; this is intentional.
47/* The purpose is to keep spambots away from Postfix SMTP
48/* server processes, while minimizing overhead for legitimate
49/* traffic.
50/* SECURITY
51/* .ad
52/* .fi
53/* The \fBpostscreen\fR(8) server is moderately security-sensitive.
54/* It talks to untrusted clients on the network. The process
55/* can be run chrooted at fixed low privilege.
56/* STANDARDS
57/* RFC 821 (SMTP protocol)
58/* RFC 1123 (Host requirements)
59/* RFC 1652 (8bit-MIME transport)
60/* RFC 1869 (SMTP service extensions)
61/* RFC 1870 (Message Size Declaration)
62/* RFC 1985 (ETRN command)
63/* RFC 2034 (SMTP Enhanced Status Codes)
64/* RFC 2821 (SMTP protocol)
65/* Not: RFC 2920 (SMTP Pipelining)
66/* RFC 3207 (STARTTLS command)
67/* RFC 3461 (SMTP DSN Extension)
68/* RFC 3463 (Enhanced Status Codes)
69/* RFC 5321 (SMTP protocol, including multi-line 220 banners)
70/* DIAGNOSTICS
71/* Problems and transactions are logged to \fBsyslogd\fR(8).
72/* BUGS
73/* The \fBpostscreen\fR(8) built-in SMTP protocol engine
74/* currently does not announce support for AUTH, XCLIENT or
75/* XFORWARD.
76/* If you need to make these services available
77/* on port 25, then do not enable the optional "after 220
78/* server greeting" tests, and do not use DNSBLs that reject
79/* traffic from dial-up and residential networks.
80/*
81/* The optional "after 220 server greeting" tests involve
82/* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
83/* these tests succeed, \fBpostscreen\fR(8) adds the client
84/* to the temporary whitelist, but it cannot hand off the
85/* "live" connection to a Postfix SMTP server process in the
86/* middle of a session. Instead, \fBpostscreen\fR(8) defers
87/* attempts to deliver mail with a 4XX status, and waits for
88/* the client to disconnect. When the client connects again,
89/* \fBpostscreen\fR(8) will allow the client to talk to a
90/* Postfix SMTP server process (provided that the whitelist
91/* status has not expired). \fBpostscreen\fR(8) mitigates
92/* the impact of this limitation by giving the "after 220
93/* server greeting" tests a long expiration time.
94/* CONFIGURATION PARAMETERS
95/* .ad
96/* .fi
97/* Changes to main.cf are not picked up automatically, as
98/* \fBpostscreen\fR(8) processes may run for several hours.
99/* Use the command "postfix reload" after a configuration
100/* change.
101/*
102/* The text below provides only a parameter summary. See
103/* \fBpostconf\fR(5) for more details including examples.
104/*
105/* NOTE: Some \fBpostscreen\fR(8) parameters implement
106/* stress-dependent behavior. This is supported only when the
107/* default parameter value is stress-dependent (that is, it
108/* looks like ${stress?{X}:{Y}}, or it is the $\fIname\fR
109/* of an smtpd parameter with a stress-dependent default).
110/* Other parameters always evaluate as if the \fBstress\fR
111/* parameter value is the empty string.
112/* COMPATIBILITY CONTROLS
113/* .ad
114/* .fi
115/* .IP "\fBpostscreen_command_filter ($smtpd_command_filter)\fR"
116/* A mechanism to transform commands from remote SMTP clients.
117/* .IP "\fBpostscreen_discard_ehlo_keyword_address_maps ($smtpd_discard_ehlo_keyword_address_maps)\fR"
118/* Lookup tables, indexed by the remote SMTP client address, with
119/* case insensitive lists of EHLO keywords (pipelining, starttls, auth,
120/* etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO response
121/* to a remote SMTP client.
122/* .IP "\fBpostscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_keywords)\fR"
123/* A case insensitive list of EHLO keywords (pipelining, starttls,
124/* auth, etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO
125/* response to a remote SMTP client.
126/* .PP
127/* Available in Postfix version 3.1 and later:
128/* .IP "\fBdns_ncache_ttl_fix_enable (no)\fR"
129/* Enable a workaround for future libc incompatibility.
130/* TROUBLE SHOOTING CONTROLS
131/* .ad
132/* .fi
133/* .IP "\fBpostscreen_expansion_filter (see 'postconf -d' output)\fR"
134/* List of characters that are permitted in postscreen_reject_footer
135/* attribute expansions.
136/* .IP "\fBpostscreen_reject_footer ($smtpd_reject_footer)\fR"
137/* Optional information that is appended after a 4XX or 5XX
138/* \fBpostscreen\fR(8) server
139/* response.
140/* .IP "\fBsoft_bounce (no)\fR"
141/* Safety net to keep mail queued that would otherwise be returned to
142/* the sender.
143/* BEFORE-POSTSCREEN PROXY AGENT
144/* .ad
145/* .fi
146/* Available in Postfix version 2.10 and later:
147/* .IP "\fBpostscreen_upstream_proxy_protocol (empty)\fR"
148/* The name of the proxy protocol used by an optional before-postscreen
149/* proxy agent.
150/* .IP "\fBpostscreen_upstream_proxy_timeout (5s)\fR"
151/* The time limit for the proxy protocol specified with the
152/* postscreen_upstream_proxy_protocol parameter.
153/* PERMANENT WHITE/BLACKLIST TEST
154/* .ad
155/* .fi
156/* This test is executed immediately after a remote SMTP client
157/* connects. If a client is permanently whitelisted, the client
158/* will be handed off immediately to a Postfix SMTP server
159/* process.
160/* .IP "\fBpostscreen_access_list (permit_mynetworks)\fR"
161/* Permanent white/blacklist for remote SMTP client IP addresses.
162/* .IP "\fBpostscreen_blacklist_action (ignore)\fR"
163/* The action that \fBpostscreen\fR(8) takes when a remote SMTP client is
164/* permanently blacklisted with the postscreen_access_list parameter.
165/* MAIL EXCHANGER POLICY TESTS
166/* .ad
167/* .fi
168/* When \fBpostscreen\fR(8) is configured to monitor all primary
169/* and backup MX addresses, it can refuse to whitelist clients
170/* that connect to a backup MX address only. For small sites,
171/* this requires configuring primary and backup MX addresses
172/* on the same MTA. Larger sites would have to share the
173/* \fBpostscreen\fR(8) cache between primary and backup MTAs,
174/* which would introduce a common point of failure.
175/* .IP "\fBpostscreen_whitelist_interfaces (static:all)\fR"
176/* A list of local \fBpostscreen\fR(8) server IP addresses where a
177/* non-whitelisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary
178/* whitelist status.
179/* BEFORE 220 GREETING TESTS
180/* .ad
181/* .fi
182/* These tests are executed before the remote SMTP client
183/* receives the "220 servername" greeting. If no tests remain
184/* after the successful completion of this phase, the client
185/* will be handed off immediately to a Postfix SMTP server
186/* process.
187/* .IP "\fBdnsblog_service_name (dnsblog)\fR"
188/* The name of the \fBdnsblog\fR(8) service entry in master.cf.
189/* .IP "\fBpostscreen_dnsbl_action (ignore)\fR"
190/* The action that \fBpostscreen\fR(8) takes when a remote SMTP client's combined
191/* DNSBL score is equal to or greater than a threshold (as defined
192/* with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold
193/* parameters).
194/* .IP "\fBpostscreen_dnsbl_reply_map (empty)\fR"
195/* A mapping from actual DNSBL domain name which includes a secret
196/* password, to the DNSBL domain name that postscreen will reply with
197/* when it rejects mail.
198/* .IP "\fBpostscreen_dnsbl_sites (empty)\fR"
199/* Optional list of DNS white/blacklist domains, filters and weight
200/* factors.
201/* .IP "\fBpostscreen_dnsbl_threshold (1)\fR"
202/* The inclusive lower bound for blocking a remote SMTP client, based on
203/* its combined DNSBL score as defined with the postscreen_dnsbl_sites
204/* parameter.
205/* .IP "\fBpostscreen_greet_action (ignore)\fR"
206/* The action that \fBpostscreen\fR(8) takes when a remote SMTP client speaks
207/* before its turn within the time specified with the postscreen_greet_wait
208/* parameter.
209/* .IP "\fBpostscreen_greet_banner ($smtpd_banner)\fR"
210/* The \fItext\fR in the optional "220-\fItext\fR..." server
211/* response that
212/* \fBpostscreen\fR(8) sends ahead of the real Postfix SMTP server's "220
213/* text..." response, in an attempt to confuse bad SMTP clients so
214/* that they speak before their turn (pre-greet).
215/* .IP "\fBpostscreen_greet_wait (normal: 6s, overload: 2s)\fR"
216/* The amount of time that \fBpostscreen\fR(8) will wait for an SMTP
217/* client to send a command before its turn, and for DNS blocklist
218/* lookup results to arrive (default: up to 2 seconds under stress,
219/* up to 6 seconds otherwise).
220/* .IP "\fBsmtpd_service_name (smtpd)\fR"
221/* The internal service that \fBpostscreen\fR(8) hands off allowed
222/* connections to.
223/* .PP
224/* Available in Postfix version 2.11 and later:
225/* .IP "\fBpostscreen_dnsbl_whitelist_threshold (0)\fR"
226/* Allow a remote SMTP client to skip "before" and "after 220
227/* greeting" protocol tests, based on its combined DNSBL score as
228/* defined with the postscreen_dnsbl_sites parameter.
229/* .PP
230/* Available in Postfix version 3.0 and later:
231/* .IP "\fBpostscreen_dnsbl_timeout (10s)\fR"
232/* The time limit for DNSBL or DNSWL lookups.
233/* AFTER 220 GREETING TESTS
234/* .ad
235/* .fi
236/* These tests are executed after the remote SMTP client
237/* receives the "220 servername" greeting. If a client passes
238/* all tests during this phase, it will receive a 4XX response
239/* to all RCPT TO commands. After the client reconnects, it
240/* will be allowed to talk directly to a Postfix SMTP server
241/* process.
242/* .IP "\fBpostscreen_bare_newline_action (ignore)\fR"
243/* The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends
244/* a bare newline character, that is, a newline not preceded by carriage
245/* return.
246/* .IP "\fBpostscreen_bare_newline_enable (no)\fR"
247/* Enable "bare newline" SMTP protocol tests in the \fBpostscreen\fR(8)
248/* server.
249/* .IP "\fBpostscreen_disable_vrfy_command ($disable_vrfy_command)\fR"
250/* Disable the SMTP VRFY command in the \fBpostscreen\fR(8) daemon.
251/* .IP "\fBpostscreen_forbidden_commands ($smtpd_forbidden_commands)\fR"
252/* List of commands that the \fBpostscreen\fR(8) server considers in
253/* violation of the SMTP protocol.
254/* .IP "\fBpostscreen_helo_required ($smtpd_helo_required)\fR"
255/* Require that a remote SMTP client sends HELO or EHLO before
256/* commencing a MAIL transaction.
257/* .IP "\fBpostscreen_non_smtp_command_action (drop)\fR"
258/* The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends
259/* non-SMTP commands as specified with the postscreen_forbidden_commands
260/* parameter.
261/* .IP "\fBpostscreen_non_smtp_command_enable (no)\fR"
262/* Enable "non-SMTP command" tests in the \fBpostscreen\fR(8) server.
263/* .IP "\fBpostscreen_pipelining_action (enforce)\fR"
264/* The action that \fBpostscreen\fR(8) takes when a remote SMTP client
265/* sends
266/* multiple commands instead of sending one command and waiting for
267/* the server to respond.
268/* .IP "\fBpostscreen_pipelining_enable (no)\fR"
269/* Enable "pipelining" SMTP protocol tests in the \fBpostscreen\fR(8)
270/* server.
271/* CACHE CONTROLS
272/* .ad
273/* .fi
274/* .IP "\fBpostscreen_cache_cleanup_interval (12h)\fR"
275/* The amount of time between \fBpostscreen\fR(8) cache cleanup runs.
276/* .IP "\fBpostscreen_cache_map (btree:$data_directory/postscreen_cache)\fR"
277/* Persistent storage for the \fBpostscreen\fR(8) server decisions.
278/* .IP "\fBpostscreen_cache_retention_time (7d)\fR"
279/* The amount of time that \fBpostscreen\fR(8) will cache an expired
280/* temporary whitelist entry before it is removed.
281/* .IP "\fBpostscreen_bare_newline_ttl (30d)\fR"
282/* The amount of time that \fBpostscreen\fR(8) will use the result from
283/* a successful "bare newline" SMTP protocol test.
284/* .IP "\fBpostscreen_dnsbl_max_ttl (${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)\fR"
285/* The maximum amount of time that \fBpostscreen\fR(8) will use the
286/* result from a successful DNS-based reputation test before a
287/* client IP address is required to pass that test again.
288/* .IP "\fBpostscreen_dnsbl_min_ttl (60s)\fR"
289/* The minimum amount of time that \fBpostscreen\fR(8) will use the
290/* result from a successful DNS-based reputation test before a
291/* client IP address is required to pass that test again.
292/* .IP "\fBpostscreen_greet_ttl (1d)\fR"
293/* The amount of time that \fBpostscreen\fR(8) will use the result from
294/* a successful PREGREET test.
295/* .IP "\fBpostscreen_non_smtp_command_ttl (30d)\fR"
296/* The amount of time that \fBpostscreen\fR(8) will use the result from
297/* a successful "non_smtp_command" SMTP protocol test.
298/* .IP "\fBpostscreen_pipelining_ttl (30d)\fR"
299/* The amount of time that \fBpostscreen\fR(8) will use the result from
300/* a successful "pipelining" SMTP protocol test.
301/* RESOURCE CONTROLS
302/* .ad
303/* .fi
304/* .IP "\fBline_length_limit (2048)\fR"
305/* Upon input, long lines are chopped up into pieces of at most
306/* this length; upon delivery, long lines are reconstructed.
307/* .IP "\fBpostscreen_client_connection_count_limit ($smtpd_client_connection_count_limit)\fR"
308/* How many simultaneous connections any remote SMTP client is
309/* allowed to have
310/* with the \fBpostscreen\fR(8) daemon.
311/* .IP "\fBpostscreen_command_count_limit (20)\fR"
312/* The limit on the total number of commands per SMTP session for
313/* \fBpostscreen\fR(8)'s built-in SMTP protocol engine.
314/* .IP "\fBpostscreen_command_time_limit (normal: 300s, overload: 10s)\fR"
315/* The time limit to read an entire command line with \fBpostscreen\fR(8)'s
316/* built-in SMTP protocol engine.
317/* .IP "\fBpostscreen_post_queue_limit ($default_process_limit)\fR"
318/* The number of clients that can be waiting for service from a
319/* real Postfix SMTP server process.
320/* .IP "\fBpostscreen_pre_queue_limit ($default_process_limit)\fR"
321/* The number of non-whitelisted clients that can be waiting for
322/* a decision whether they will receive service from a real Postfix
323/* SMTP server
324/* process.
325/* .IP "\fBpostscreen_watchdog_timeout (10s)\fR"
326/* How much time a \fBpostscreen\fR(8) process may take to respond to
327/* a remote SMTP client command or to perform a cache operation before it
328/* is terminated by a built-in watchdog timer.
329/* STARTTLS CONTROLS
330/* .ad
331/* .fi
332/* .IP "\fBpostscreen_tls_security_level ($smtpd_tls_security_level)\fR"
333/* The SMTP TLS security level for the \fBpostscreen\fR(8) server; when
334/* a non-empty value is specified, this overrides the obsolete parameters
335/* postscreen_use_tls and postscreen_enforce_tls.
336/* .IP "\fBtlsproxy_service_name (tlsproxy)\fR"
337/* The name of the \fBtlsproxy\fR(8) service entry in master.cf.
338/* OBSOLETE STARTTLS SUPPORT CONTROLS
339/* .ad
340/* .fi
341/* These parameters are supported for compatibility with
342/* \fBsmtpd\fR(8) legacy parameters.
343/* .IP "\fBpostscreen_use_tls ($smtpd_use_tls)\fR"
344/* Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
345/* but do not require that clients use TLS encryption.
346/* .IP "\fBpostscreen_enforce_tls ($smtpd_enforce_tls)\fR"
347/* Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
348/* require that clients use TLS encryption.
349/* MISCELLANEOUS CONTROLS
350/* .ad
351/* .fi
352/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
353/* The default location of the Postfix main.cf and master.cf
354/* configuration files.
355/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
356/* The maximal number of digits after the decimal point when logging
357/* sub-second delay values.
358/* .IP "\fBcommand_directory (see 'postconf -d' output)\fR"
359/* The location of all postfix administrative commands.
360/* .IP "\fBmax_idle (100s)\fR"
361/* The maximum amount of time that an idle Postfix daemon process waits
362/* for an incoming connection before terminating voluntarily.
363/* .IP "\fBprocess_id (read-only)\fR"
364/* The process ID of a Postfix command or daemon process.
365/* .IP "\fBprocess_name (read-only)\fR"
366/* The process name of a Postfix command or daemon process.
367/* .IP "\fBsyslog_facility (mail)\fR"
368/* The syslog facility of Postfix logging.
369/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
370/* The mail system name that is prepended to the process name in syslog
371/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
372/* SEE ALSO
373/* smtpd(8), Postfix SMTP server
374/* tlsproxy(8), Postfix TLS proxy server
375/* dnsblog(8), DNS black/whitelist logger
376/* syslogd(8), system logging
377/* README FILES
378/* .ad
379/* .fi
380/* Use "\fBpostconf readme_directory\fR" or "\fBpostconf
381/* html_directory\fR" to locate this information.
382/* .nf
383/* .na
384/* POSTSCREEN_README, Postfix Postscreen Howto
385/* LICENSE
386/* .ad
387/* .fi
388/* The Secure Mailer license must be distributed with this software.
389/* HISTORY
390/* .ad
391/* .fi
392/* This service was introduced with Postfix version 2.8.
393/*
394/* Many ideas in \fBpostscreen\fR(8) were explored in earlier
395/* work by Michael Tokarev, in OpenBSD spamd, and in MailChannels
396/* Traffic Control.
397/* AUTHOR(S)
398/* Wietse Venema
399/* IBM T.J. Watson Research
400/* P.O. Box 704
401/* Yorktown Heights, NY 10598, USA
402/*
403/* Wietse Venema
404/* Google, Inc.
405/* 111 8th Avenue
406/* New York, NY 10011, USA
407/*--*/
408
409/* System library. */
410
411#include <sys_defs.h>
412#include <sys/stat.h>
413#include <stdlib.h>
414
415/* Utility library. */
416
417#include <msg.h>
418#include <mymalloc.h>
419#include <events.h>
420#include <myaddrinfo.h>
421#include <dict_cache.h>
422#include <set_eugid.h>
423#include <vstream.h>
424#include <name_code.h>
425#include <inet_proto.h>
426
427/* Global library. */
428
429#include <mail_conf.h>
430#include <mail_params.h>
431#include <mail_version.h>
432#include <mail_proto.h>
433#include <data_redirect.h>
434#include <string_list.h>
435
436/* Master server protocols. */
437
438#include <mail_server.h>
439
440/* Application-specific. */
441
442#include <postscreen.h>
443
444 /*
445 * Configuration parameters.
446 */
/*
 * Storage for the main.cf settings that postscreen(8) reads. Nothing in
 * this run assigns these variables; each one is presumably bound to a
 * parameter name by configuration tables elsewhere (TODO confirm). The
 * group labels below are read off the variable names only.
 */

/* smtpd(8) service name, banner, VRFY and HELO settings. */
char   *var_smtpd_service;
char   *var_smtpd_banner;
bool    var_disable_vrfy_cmd;
bool    var_helo_required;

/* Command filter: smtpd(8) value and postscreen(8) value. */
char   *var_smtpd_cmd_filter;
char   *var_psc_cmd_filter;

/* Forbidden-command list: smtpd(8) value and postscreen(8) value. */
char   *var_smtpd_forbid_cmds;
char   *var_psc_forbid_cmds;

/* EHLO keyword suppression (word list and address-indexed maps). */
char   *var_smtpd_ehlo_dis_words;
char   *var_smtpd_ehlo_dis_maps;
char   *var_psc_ehlo_dis_words;
char   *var_psc_ehlo_dis_maps;

/*
 * TLS level plus the two boolean TLS switches, once for smtpd(8) and once
 * for postscreen(8). The manual text at the top of this file describes
 * postscreen_use_tls and postscreen_enforce_tls as obsolete.
 */
char   *var_smtpd_tls_level;
bool    var_smtpd_use_tls;
bool    var_smtpd_enforce_tls;
char   *var_psc_tls_level;
bool    var_psc_use_tls;
bool    var_psc_enforce_tls;

/* postscreen(8) VRFY and HELO settings. */
bool    var_psc_disable_vrfy;
bool    var_psc_helo_required;

/* Cache location, cleanup/retention timing, queue limits and watchdog. */
char   *var_psc_cache_map;
int     var_psc_cache_scan;
int     var_psc_cache_ret;
int     var_psc_post_queue_limit;
int     var_psc_pre_queue_limit;
int     var_psc_watchdog;

/* Permanent access list and the action for a blacklisted client. */
char   *var_psc_acl;
char   *var_psc_blist_action;

/* Greeting phase; note that the ttl is stored as text, the wait as int. */
char   *var_psc_greet_ttl;
int     var_psc_greet_wait;

/* Pregreet test: banner text, action and result lifetime. */
char   *var_psc_pregr_banner;
char   *var_psc_pregr_action;
int     var_psc_pregr_ttl;

/*
 * DNSBL test settings.
 *
 * NOTE(review): the manual text at the top of this file says a DNSBL
 * domain name may include a secret password
 * (postscreen_dnsbl_reply_map). Treat the site list and reply map as
 * sensitive when adding logging or reply text - confirm against the code
 * that consumes them.
 */
char   *var_psc_dnsbl_sites;
char   *var_psc_dnsbl_reply;
int     var_psc_dnsbl_thresh;
int     var_psc_dnsbl_wthresh;
char   *var_psc_dnsbl_action;
int     var_psc_dnsbl_min_ttl;
int     var_psc_dnsbl_max_ttl;
int     var_psc_dnsbl_tmout;

/* Pipelining test: enable switch, action and result lifetime. */
bool    var_psc_pipel_enable;
char   *var_psc_pipel_action;
int     var_psc_pipel_ttl;

/* Non-SMTP command test: enable switch, action and result lifetime. */
bool    var_psc_nsmtp_enable;
char   *var_psc_nsmtp_action;
int     var_psc_nsmtp_ttl;

/* Bare newline test: enable switch, action and result lifetime. */
bool    var_psc_barlf_enable;
char   *var_psc_barlf_action;
int     var_psc_barlf_ttl;

/* Command count and command time settings (the time is kept as text). */
int     var_psc_cmd_count;
char   *var_psc_cmd_time;

/* Names of the helper services. */
char   *var_dnsblog_service;
char   *var_tlsproxy_service;

/* Reject footer: smtpd(8) value and postscreen(8) value. */
char   *var_smtpd_rej_footer;
char   *var_psc_rej_footer;

/* Per-client connection count limit: smtpd(8) and postscreen(8) value. */
int     var_smtpd_cconn_limit;
int     var_psc_cconn_limit;

/* Expansion filter: smtpd(8) value and postscreen(8) value. */
char   *var_smtpd_exp_filter;
char   *var_psc_exp_filter;

/* Whitelist interfaces and the upstream proxy protocol settings. */
char   *var_psc_wlist_if;
char   *var_psc_uproxy_proto;
int     var_psc_uproxy_tmout;
529
530 /*
531 * Global variables.
532 */
/* Queue accounting. */
int     psc_check_queue_length;         /* sessions being checked */
int     psc_post_queue_length;          /* sessions going to real SMTPD */

/* Shared handles and buffers. */
DICT_CACHE *psc_cache_map;              /* cache table handle */
VSTRING *psc_temp;                      /* scratch buffer */
char   *psc_smtpd_service_name;         /* path to real SMTPD */

/* Per-test action codes. */
int     psc_pregr_action;               /* PSC_ACT_DROP/ENFORCE/etc */
int     psc_dnsbl_action;               /* PSC_ACT_DROP/ENFORCE/etc */
int     psc_pipel_action;               /* PSC_ACT_DROP/ENFORCE/etc */
int     psc_nsmtp_action;               /* PSC_ACT_DROP/ENFORCE/etc */
int     psc_barlf_action;               /* PSC_ACT_DROP/ENFORCE/etc */

int     psc_min_ttl;                    /* keep current when adding tests */
STRING_LIST *psc_forbid_cmds;           /* e.g. CONNECT GET POST */

/* Stress-dependent timing and the stress state itself. */
int     psc_stress_greet_wait;          /* greet wait under stress */
int     psc_normal_greet_wait;          /* greet wait when not stressed */
int     psc_stress_cmd_time_limit;      /* command time limit under stress */
int     psc_normal_cmd_time_limit;      /* command time limit otherwise */
int     psc_stress;                     /* stress level */
int     psc_lowat_check_queue_length;   /* stress low-water mark */
int     psc_hiwat_check_queue_length;   /* stress high-water mark */

DICT   *psc_dnsbl_reply;                /* DNSBL name mapper */
HTABLE *psc_client_concurrency;         /* per-client concurrency */
554
555 /*
556 * Local variables and functions.
557 */
/* File-private state. */
static ARGV *psc_acl;                   /* permanent white/blacklist */
static int psc_blist_action;            /* PSC_ACT_DROP/ENFORCE/etc */
static ADDR_MATCH_LIST *psc_wlist_if;   /* whitelist interfaces */

/*
 * Forward declaration: psc_service() hands this callback to
 * psc_endpt_lookup() before the definition appears.
 */
static void psc_endpt_lookup_done(int, VSTREAM *,
                                  MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *,
                                  MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *);
565
566/* psc_dump - dump some statistics before exit */
567
static void psc_dump(char *unused_service, char **unused_argv)
{

    /*
     * Close the cache, if one is open, and clear the handle so that a second
     * call does nothing. Neither argument is used.
     *
     * Closing the cache here is what dumps the preliminary cleanup
     * statistics when the process terminates itself in the middle of a cache
     * cleanup run. At this point there is no way to tell "postfix reload"
     * (the process should restart) from "maximal idle time reached" (the
     * cleanup could have been allowed to finish first).
     */
    if (psc_cache_map == 0)
        return;
    dict_cache_close(psc_cache_map);
    psc_cache_map = 0;
}
582
583/* psc_drain - delayed exit after "postfix reload" */
584
static void psc_drain(char *unused_service, char **unused_argv)
{
    int     attempts = 0;

    /*
     * Runs after "postfix reload". Sessions that were already accepted are
     * completed in the background instead of being dropped. Neither argument
     * is used.
     *
     * Every writable table must be closed first: there is no multi-writer
     * safety guarantee, and the single-writer proxywrite service has latency
     * guarantees that are too weak. As a consequence a draining process can
     * neither store nor look up client reputation.
     *
     * XXX Some Berkeley DB versions break with close-after-fork. Every new
     * version is an improvement over its predecessor.
     */
    if (psc_cache_map != 0 /* XXX && psc_cache_map requires locking */ ) {
        dict_cache_close(psc_cache_map);
        psc_cache_map = 0;
    }

    /*
     * Bounded retry. event_server_drain() is tried at most five times with a
     * one-second pause after each failure; every failure is logged as a
     * "fork" warning and the fifth one ends in msg_fatal(). Retrying from
     * the event call-back routines instead of blocking here would be
     * possible, but by then the host is severely overloaded and service
     * levels are already way down.
     *
     * NOTE(review): the fatal message formats %m after sleep(1) has run;
     * whether errno still describes the failed drain at that point is not
     * visible here - confirm.
     */
    while (attempts < 5) {
        if (event_server_drain() == 0)
            return;
        msg_warn("fork: %m");
        sleep(1);
        attempts++;
    }
    msg_fatal("fork: %m");
}
623
624/* psc_service - handle new client connection */
625
static void psc_service(VSTREAM *smtp_client_stream,
                        char *unused_service,
                        char **unused_argv)
{
    int     client_fd;

    /*
     * Entry point for one new client connection. Only smtp_client_stream is
     * used; the service name and argument vector are ignored.
     *
     * Sanity check: at least one of INET or INET6 must be enabled. Without
     * that, interface information cannot be looked up and names or addresses
     * cannot be converted.
     */
    if (inet_proto_info()->ai_family_list[0] == 0) {
        msg_fatal("all network protocols are disabled (%s = %s)",
                  VAR_INET_PROTOCOLS, var_inet_protocols);
    }

    /*
     * One process serves all incoming connections, so nothing here may
     * block; anything that adds latency is event-driven. The client socket
     * is therefore made non-blocking.
     *
     * Note: no VSTREAM-level timeouts are used. The limit that is enforced
     * is on the total time to receive a complete SMTP command line.
     */
    client_fd = vstream_fileno(smtp_client_stream);
    non_blocking(client_fd, NON_BLOCKING);

    /*
     * Start the lookup of the remote client address and port. The result is
     * delivered to psc_endpt_lookup_done().
     */
    psc_endpt_lookup(smtp_client_stream, psc_endpt_lookup_done);
}
654
655/* psc_endpt_lookup_done - endpoint lookup completed */
656
static void psc_endpt_lookup_done(int endpt_status,
                                  VSTREAM *smtp_client_stream,
                                  MAI_HOSTADDR_STR *smtp_client_addr,
                                  MAI_SERVPORT_STR *smtp_client_port,
                                  MAI_HOSTADDR_STR *smtp_server_addr,
                                  MAI_SERVPORT_STR *smtp_server_port)
{
    static const char no_resources[] = "421 4.3.2 No system resources\r\n";
    const char *myname = "psc_endpt_lookup_done";
    PSC_STATE *state;
    const char *cached_stamps;
    int     prior_flags;
    int     acl_verdict;

    /*
     * Callback for psc_endpt_lookup(). It creates the session state and then
     * applies, in this order: the per-client connection limit, the
     * post-queue limit, the permanent white/blacklist, the temporary
     * whitelist (cache), the whitelist-interface veto and the pre-queue
     * limit. Whatever survives is dispatched to the early tests, the
     * built-in SMTP engine tests, or handed off with psc_conclude().
     *
     * NOTE(review): every allow/deny decision below is keyed on the address
     * strings supplied by psc_endpt_lookup(). The manual text at the top of
     * this file describes an optional before-postscreen proxy agent
     * (postscreen_upstream_proxy_protocol); presumably the addresses then
     * come from that agent rather than from the socket - confirm that only
     * a trusted proxy can reach this service in that configuration.
     */

    /*
     * The lookup failed. Send a 421 on a best-effort basis: if this
     * non-blocking write(2) fails, so be it.
     */
    if (endpt_status < 0) {
        (void) write(vstream_fileno(smtp_client_stream),
                     no_resources, sizeof(no_resources) - 1);
        event_server_disconnect(smtp_client_stream);
        return;
    }
    if (msg_verbose > 1) {
        msg_info("%s: sq=%d cq=%d connect from [%s]:%s",
                 myname, psc_post_queue_length, psc_check_queue_length,
                 smtp_client_addr->buf, smtp_client_port->buf);
    }
    msg_info("CONNECT from [%s]:%s to [%s]:%s",
             smtp_client_addr->buf, smtp_client_port->buf,
             smtp_server_addr->buf, smtp_server_port->buf);

    /*
     * Collect the loose session pieces into one object. This zeroes all
     * flags and time stamps.
     */
    state = psc_new_session_state(smtp_client_stream,
                                  smtp_client_addr->buf,
                                  smtp_client_port->buf,
                                  smtp_server_addr->buf,
                                  smtp_server_port->buf);

    /*
     * 421 when this client already has too many open connections. A limit
     * of zero or less disables the check.
     *
     * NOTE(review): this test reads state->client_concurrency, while the
     * cache branch further down reads state->client_info->concurrency.
     * Confirm that both name the same per-client counter.
     */
    if (var_psc_cconn_limit > 0
        && state->client_concurrency > var_psc_cconn_limit) {
        msg_info("NOQUEUE: reject: CONNECT from [%s]:%s: too many connections",
                 state->smtp_client_addr, state->smtp_client_port);
        PSC_DROP_SESSION_STATE(state,
                               "421 4.7.0 Error: too many connections\r\n");
        return;
    }

    /*
     * 421 when no more connections can be forwarded to the real server.
     */
    if (var_psc_post_queue_limit > 0
        && psc_post_queue_length >= var_psc_post_queue_limit) {
        msg_info("NOQUEUE: reject: CONNECT from [%s]:%s: all server ports busy",
                 state->smtp_client_addr, state->smtp_client_port);
        PSC_DROP_SESSION_STATE(state,
                               "421 4.3.2 All server ports are busy\r\n");
        return;
    }

    /*
     * The permanent white/blacklist takes precedence over everything that
     * follows. Any verdict other than whitelist or blacklist (dunno, error)
     * leaves the session untouched.
     */
    if (psc_acl != 0) {
        acl_verdict = psc_acl_eval(state, psc_acl, VAR_PSC_ACL);

        /*
         * Permanently whitelisted: hand off without further tests.
         */
        if (acl_verdict == PSC_ACL_ACT_WHITELIST) {
            msg_info("WHITELISTED [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
            psc_conclude(state);
            return;
        }

        /*
         * Permanently blacklisted: the configured action decides.
         */
        if (acl_verdict == PSC_ACL_ACT_BLACKLIST) {
            msg_info("BLACKLISTED [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
            PSC_FAIL_SESSION_STATE(state, PSC_STATE_FLAG_BLIST_FAIL);
            switch (psc_blist_action) {
            case PSC_ACT_DROP:
                PSC_DROP_SESSION_STATE(state,
                            "521 5.3.2 Service currently unavailable\r\n");
                return;
            case PSC_ACT_ENFORCE:
                PSC_ENFORCE_SESSION_STATE(state,
                            "550 5.3.2 Service currently unavailable\r\n");
                break;
            case PSC_ACT_IGNORE:

                /*
                 * Clear the failure flag again. This is deliberately not
                 * PSC_PASS_SESSION_STATE: the test is repeated the next
                 * time the client connects.
                 */
                PSC_UNFAIL_SESSION_STATE(state, PSC_STATE_FLAG_BLIST_FAIL);
                break;
            default:
                msg_panic("%s: unknown blacklist action value %d",
                          myname, psc_blist_action);
            }
        }
    }

    /*
     * The temporary whitelist (the postscreen cache) has the lowest
     * precedence. It holds the results of earlier tests. The cache is
     * consulted only when no failure flag is set, this is the client's only
     * open session, a cache is open, and the cache has an entry for the
     * client address. The client is whitelisted when all enabled test
     * results are still valid.
     *
     * In every branch the flags that were set before the call are OR-ed
     * back in afterwards.
     */
    if ((state->flags & PSC_STATE_MASK_ANY_FAIL) == 0
        && state->client_info->concurrency == 1
        && psc_cache_map != 0
        && (cached_stamps = psc_cache_lookup(psc_cache_map,
                                         state->smtp_client_addr)) != 0) {
        prior_flags = state->flags;
        psc_parse_tests(state, cached_stamps, event_time());
        state->flags |= prior_flags;
        if (msg_verbose) {
            msg_info("%s: cached + recent flags: %s",
                     myname, psc_print_state_flags(state->flags, myname));
        }
        if ((state->flags & PSC_STATE_MASK_ANY_TODO_FAIL) == 0) {
            msg_info("PASS OLD [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
            psc_conclude(state);
            return;
        }
    } else if (state->client_info->concurrency > 1) {
        /* The client has other sessions open. */
        prior_flags = state->flags;
        psc_todo_tests(state, event_time());
        state->flags |= prior_flags;
        if (msg_verbose) {
            msg_info("%s: new + recent flags: %s",
                     myname, psc_print_state_flags(state->flags, myname));
        }
    } else {
        /* Single session, but no usable cache result. */
        prior_flags = state->flags;
        psc_new_tests(state);
        state->flags |= prior_flags;
        if (msg_verbose) {
            msg_info("%s: new + recent flags: %s",
                     myname, psc_print_state_flags(state->flags, myname));
        }
    }

    /*
     * Clients that connect to a backup MX address are not whitelisted. A
     * zero result vetoes the whitelisting, so an error fails "closed".
     */
    if (!addr_match_list_match(psc_wlist_if, smtp_server_addr->buf)) {
        state->flags |= (PSC_STATE_FLAG_WLIST_FAIL | PSC_STATE_FLAG_NOFORWARD);
        msg_info("WHITELIST VETO [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
    }

    /*
     * 421 when no more connections can be analyzed. This also means that
     * there are no deep protocol tests when the noforward flag is raised.
     */
    if (var_psc_pre_queue_limit > 0
        && (psc_check_queue_length - psc_post_queue_length)
        >= var_psc_pre_queue_limit) {
        msg_info("reject: connect from [%s]:%s: all screening ports busy",
                 state->smtp_client_addr, state->smtp_client_port);
        PSC_DROP_SESSION_STATE(state,
                               "421 4.3.2 All screening ports are busy\r\n");
        return;
    }

    /*
     * Run the tests for which the client has no up-to-date result, early
     * tests first. When nothing is pending, hand off the connection.
     */
    if (state->flags & PSC_STATE_MASK_EARLY_TODO) {
        psc_early_tests(state);
    } else if (state->flags
               & (PSC_STATE_MASK_SMTPD_TODO | PSC_STATE_FLAG_NOFORWARD)) {
        psc_smtpd_tests(state);
    } else {
        psc_conclude(state);
    }
}
843
/* psc_cache_validator - validate one cache entry */

static int psc_cache_validator(const char *client_addr,
                               const char *stamp_str,
                               void *unused_context)
{
    PSC_CLIENT_INFO scratch_info;
    PSC_STATE scratch;
    time_t  cutoff;

    /*
     * Called by the cache cleanup pseudo thread with the stored time stamp
     * string of one cache entry. client_addr and unused_context are not
     * used.
     *
     * When an entry is removed from the cache, the client will be reported as
     * "NEW" in the next session where it passes all tests again. To avoid
     * silly logging, the stated intent is to remove the cache entry only
     * after all tests have expired longer ago than the cache retention
     * time. That is why the time stamps are parsed against a reference time
     * that lies var_psc_cache_ret in the past instead of against "now".
     *
     * NOTE(review): scratch.flags is read below but never assigned in this
     * function; this relies on psc_parse_tests() storing it - confirm.
     *
     * NOTE(review): the result is 0 as soon as any PSC_STATE_MASK_ANY_TODO
     * bit is set, while the text above speaks of all tests having expired.
     * Check this against psc_parse_tests() and the validator contract of
     * the cache module; neither is visible here.
     */
    scratch.client_info = &scratch_info;
    cutoff = event_time() - var_psc_cache_ret;
    psc_parse_tests(&scratch, stamp_str, cutoff);

    /* Non-zero result: no test is flagged as "to do" at the cutoff time. */
    if (scratch.flags & PSC_STATE_MASK_ANY_TODO)
        return (0);
    return (1);
}
865
/* pre_jail_init - pre-jail initialization */

static void pre_jail_init(char *unused_name, char **unused_argv)
{
    VSTRING *map_path;

    /*
     * Read-only lookup tables are opened first, before privileges are
     * dropped, for consistency with other Postfix daemons.
     */
    psc_acl_pre_jail_init(var_mynetworks, VAR_PSC_ACL);
    if (*var_psc_acl != 0) {
        psc_acl = psc_acl_parse(var_psc_acl, VAR_PSC_ACL);
    }
    /* Ignore smtpd_forbid_cmds lookup errors. Non-critical feature. */
    if (*var_psc_forbid_cmds != 0) {
        psc_forbid_cmds = string_list_init(VAR_PSC_FORBID_CMDS,
                                           MATCH_FLAG_RETURN,
                                           var_psc_forbid_cmds);
    }
    if (*var_psc_dnsbl_reply != 0) {
        psc_dnsbl_reply = dict_open(var_psc_dnsbl_reply, O_RDONLY,
                                    DICT_FLAG_DUP_WARN);
    }

    /*
     * Never, ever, get killed by a master signal, as that would corrupt the
     * database when we're in the middle of an update. A setsid() failure is
     * logged as a warning and is otherwise not treated as an error.
     */
    if (setsid() < 0) {
        msg_warn("setsid: %m");
    }

    /*
     * Security: the persistent cache holds untrusted data (it is keyed by
     * client address), so it must not end up in a root-owned file, and a
     * Postfix-owned file must not be created in a root-owned directory.
     * File or directory ownership has to match file or directory content.
     * Therefore the effective uid/gid are switched to the mail owner for the
     * duration of the open, and restored afterwards.
     */
    SAVE_AND_SET_EUGID(var_owner_uid, var_owner_gid);
    map_path = vstring_alloc(100);

    /*
     * Keep state in a persistent external map that is opened read-write
     * and created when missing. As a safety measure the database is synced
     * on each update. This hurts on LINUX file systems that sync all dirty
     * disk blocks whenever any application invokes fsync().
     *
     * The cache maintenance pseudo thread is not started here; see
     * post_jail_init().
     */
#define PSC_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE | \
                                DICT_FLAG_OPEN_LOCK)

    if (*var_psc_cache_map != 0) {
        psc_cache_map =
            dict_cache_open(data_redirect_map(map_path, var_psc_cache_map),
                            O_CREAT | O_RDWR, PSC_DICT_OPEN_FLAGS);
    }

    /*
     * Release the scratch buffer and go back to the saved privileges.
     */
    vstring_free(map_path);
    RESTORE_SAVED_EUGID();

    /*
     * Initialize the dummy SMTP engine.
     */
    psc_smtpd_pre_jail_init();
}
931
/* pre_accept - see if tables have changed */

static void pre_accept(char *unused_name, char **unused_argv)
{
    static time_t last_event_time;
    time_t  now = event_time();
    const char *changed_table = 0;

    /*
     * Look for a changed lookup table, but not more than once a second:
     * dict_changed_name() is consulted only when at least one second has
     * passed since the recorded time.
     */
    if (now >= last_event_time + 1)
        changed_table = dict_changed_name();

    /*
     * Nothing changed, or checked too recently: remember the current time.
     * The recorded time is updated on this path only.
     */
    if (changed_table == 0) {
        last_event_time = now;
        return;
    }

    /*
     * Some table has changed: stop accepting new connections and let the
     * existing sessions finish in the background.
     */
    msg_info("table %s has changed - finishing in the background",
             changed_table);
    event_server_drain();
}
953
/* post_jail_init - post-jail initialization */

static void post_jail_init(char *unused_name, char **unused_argv)
{
    /* Maps configured action names to action codes; 0, -1 ends the list. */
    const NAME_CODE action_codes[] = {
        PSC_NAME_ACT_DROP, PSC_ACT_DROP,
        PSC_NAME_ACT_ENFORCE, PSC_ACT_ENFORCE,
        PSC_NAME_ACT_IGNORE, PSC_ACT_IGNORE,
        PSC_NAME_ACT_CONT, PSC_ACT_IGNORE,      /* compatibility */
        0, -1,
    };
    const char *expanded;
    int     cache_ctl_flags;

    /*
     * This routine runs after the skeleton code has entered the chroot jail.
     * Prevent automatic process suicide after a limited number of client
     * requests. It is OK to terminate after a limited amount of idle time.
     */
    var_use_limit = 0;

    /*
     * Workaround for parameters whose values may contain "$", and that have
     * a default of "$parametername". Not sure if it would be a good idea to
     * always do this in the mail_conf_raw(3) module.
     *
     * NOTE(review): the old value is freed before the expansion result is
     * copied. This assumes that mail_conf_eval_once() returns storage that
     * does not alias its argument - confirm.
     */
    if (var_psc_rej_footer[0] == '$'
        && mail_conf_lookup(var_psc_rej_footer + 1)) {
        expanded = mail_conf_eval_once(var_psc_rej_footer);
        myfree(var_psc_rej_footer);
        var_psc_rej_footer = mystrdup(expanded);
    }
    if (var_psc_exp_filter[0] == '$'
        && mail_conf_lookup(var_psc_exp_filter + 1)) {
        expanded = mail_conf_eval_once(var_psc_exp_filter);
        myfree(var_psc_exp_filter);
        var_psc_exp_filter = mystrdup(expanded);
    }

    /*
     * Other one-time initialization: the name of the private service that
     * connections are handed off to, then the individual test modules.
     */
    psc_temp = vstring_alloc(10);
    vstring_sprintf(psc_temp, "%s/%s", MAIL_CLASS_PRIVATE, var_smtpd_service);
    psc_smtpd_service_name = mystrdup(STR(psc_temp));
    psc_dnsbl_init();
    psc_early_init();
    psc_smtpd_init();

    /*
     * Convert each configured action name into its action code. A name that
     * is not listed in action_codes yields a negative result and is a fatal
     * configuration error.
     */
    psc_blist_action = name_code(action_codes, NAME_CODE_FLAG_NONE,
                                 var_psc_blist_action);
    if (psc_blist_action < 0)
        msg_fatal("bad %s value: %s", VAR_PSC_BLIST_ACTION,
                  var_psc_blist_action);

    psc_dnsbl_action = name_code(action_codes, NAME_CODE_FLAG_NONE,
                                 var_psc_dnsbl_action);
    if (psc_dnsbl_action < 0)
        msg_fatal("bad %s value: %s", VAR_PSC_DNSBL_ACTION,
                  var_psc_dnsbl_action);

    psc_pregr_action = name_code(action_codes, NAME_CODE_FLAG_NONE,
                                 var_psc_pregr_action);
    if (psc_pregr_action < 0)
        msg_fatal("bad %s value: %s", VAR_PSC_PREGR_ACTION,
                  var_psc_pregr_action);

    psc_pipel_action = name_code(action_codes, NAME_CODE_FLAG_NONE,
                                 var_psc_pipel_action);
    if (psc_pipel_action < 0)
        msg_fatal("bad %s value: %s", VAR_PSC_PIPEL_ACTION,
                  var_psc_pipel_action);

    psc_nsmtp_action = name_code(action_codes, NAME_CODE_FLAG_NONE,
                                 var_psc_nsmtp_action);
    if (psc_nsmtp_action < 0)
        msg_fatal("bad %s value: %s", VAR_PSC_NSMTP_ACTION,
                  var_psc_nsmtp_action);

    psc_barlf_action = name_code(action_codes, NAME_CODE_FLAG_NONE,
                                 var_psc_barlf_action);
    if (psc_barlf_action < 0)
        msg_fatal("bad %s value: %s", VAR_PSC_BARLF_ACTION,
                  var_psc_barlf_action);

    /*
     * Fail "closed" on error. The list is created with MATCH_FLAG_RETURN,
     * and psc_service() vetoes whitelisting whenever the match result for
     * the server address is 0.
     */
    psc_wlist_if = addr_match_list_init(VAR_PSC_WLIST_IF, MATCH_FLAG_RETURN,
                                        var_psc_wlist_if);

    /*
     * Start the cache maintenance pseudo thread last. Early cleanup makes
     * verbose logging more informative (we get positive confirmation that
     * the cleanup thread runs). Nothing is started when there is no cache
     * map or when the scan interval is not positive.
     */
    cache_ctl_flags = (msg_verbose > 1 ?
                       DICT_CACHE_FLAG_STATISTICS | DICT_CACHE_FLAG_VERBOSE :
                       DICT_CACHE_FLAG_STATISTICS);
    if (psc_cache_map != 0 && var_psc_cache_scan > 0) {
        dict_cache_control(psc_cache_map,
                           CA_DICT_CACHE_CTL_FLAGS(cache_ctl_flags),
                           CA_DICT_CACHE_CTL_INTERVAL(var_psc_cache_scan),
                           CA_DICT_CACHE_CTL_VALIDATOR(psc_cache_validator),
                           CA_DICT_CACHE_CTL_CONTEXT((void *) 0),
                           CA_DICT_CACHE_CTL_END);
    }

    /*
     * Pre-compute the minimal TTL over all tests. (Only the minimum is
     * assigned in this function.)
     */
    psc_min_ttl =
        PSC_MIN(PSC_MIN(var_psc_pregr_ttl, var_psc_dnsbl_min_ttl),
                PSC_MIN(PSC_MIN(var_psc_pipel_ttl, var_psc_nsmtp_ttl),
                        var_psc_barlf_ttl));

    /*
     * Pre-compute the stress and normal time limits. The same two
     * parameters are evaluated twice: first with VAR_STRESS set to "yes",
     * then with VAR_STRESS set to the empty string, which is the value it
     * is left with.
     */
    mail_conf_update(VAR_STRESS, "yes");
    psc_stress_cmd_time_limit =
        get_mail_conf_time(VAR_PSC_CMD_TIME, DEF_PSC_CMD_TIME, 1, 0);
    psc_stress_greet_wait =
        get_mail_conf_time(VAR_PSC_GREET_WAIT, DEF_PSC_GREET_WAIT, 1, 0);

    mail_conf_update(VAR_STRESS, "");
    psc_normal_cmd_time_limit =
        get_mail_conf_time(VAR_PSC_CMD_TIME, DEF_PSC_CMD_TIME, 1, 0);
    psc_normal_greet_wait =
        get_mail_conf_time(VAR_PSC_GREET_WAIT, DEF_PSC_GREET_WAIT, 1, 0);

    /*
     * Low and high water marks at 70% and 90% of the pre-queue limit.
     */
    psc_lowat_check_queue_length = 0.7 * var_psc_pre_queue_limit;
    psc_hiwat_check_queue_length = 0.9 * var_psc_pre_queue_limit;
    if (msg_verbose) {
        msg_info(VAR_PSC_CMD_TIME ": stress=%d normal=%d lowat=%d hiwat=%d",
                 psc_stress_cmd_time_limit, psc_normal_cmd_time_limit,
                 psc_lowat_check_queue_length, psc_hiwat_check_queue_length);
    }

    /*
     * Sanity check: a water mark of 0 is treated as a can't-happen result.
     */
    if (psc_lowat_check_queue_length == 0)
        msg_panic("compiler error: 0.7 * %d = %d", var_psc_pre_queue_limit,
                  psc_lowat_check_queue_length);
    if (psc_hiwat_check_queue_length == 0)
        msg_panic("compiler error: 0.9 * %d = %d", var_psc_pre_queue_limit,
                  psc_hiwat_check_queue_length);

    /*
     * Per-client concurrency table, sized by the pre-queue limit.
     */
    psc_client_concurrency = htable_create(var_psc_pre_queue_limit);
}
1089
MAIL_VERSION_STAMP_DECLARE;

/* main - pass control to the multi-threaded skeleton */

int     main(int argc, char **argv)
{

    /*
     * Configuration parameter tables. Each row names a parameter, its
     * default value and the variable that receives the result; a single 0
     * ends each table. NOTE(review): the trailing integers in the string,
     * integer, time and raw tables are presumably lower and upper bounds -
     * confirm against the CONFIG_*_TABLE declarations.
     *
     * List smtpd(8) parameters before any postscreen(8) parameters that have
     * defaults dependencies on them.
     */
    static const CONFIG_STR_TABLE str_table[] = {
        VAR_SMTPD_SERVICE, DEF_SMTPD_SERVICE, &var_smtpd_service, 1, 0,
        VAR_SMTPD_BANNER, DEF_SMTPD_BANNER, &var_smtpd_banner, 1, 0,
        VAR_SMTPD_FORBID_CMDS, DEF_SMTPD_FORBID_CMDS, &var_smtpd_forbid_cmds, 0, 0,
        VAR_SMTPD_EHLO_DIS_WORDS, DEF_SMTPD_EHLO_DIS_WORDS, &var_smtpd_ehlo_dis_words, 0, 0,
        VAR_SMTPD_EHLO_DIS_MAPS, DEF_SMTPD_EHLO_DIS_MAPS, &var_smtpd_ehlo_dis_maps, 0, 0,
        VAR_SMTPD_TLS_LEVEL, DEF_SMTPD_TLS_LEVEL, &var_smtpd_tls_level, 0, 0,
        VAR_SMTPD_CMD_FILTER, DEF_SMTPD_CMD_FILTER, &var_smtpd_cmd_filter, 0, 0,
        VAR_PSC_CACHE_MAP, DEF_PSC_CACHE_MAP, &var_psc_cache_map, 0, 0,
        VAR_PSC_PREGR_BANNER, DEF_PSC_PREGR_BANNER, &var_psc_pregr_banner, 0, 0,
        VAR_PSC_PREGR_ACTION, DEF_PSC_PREGR_ACTION, &var_psc_pregr_action, 1, 0,
        VAR_PSC_DNSBL_SITES, DEF_PSC_DNSBL_SITES, &var_psc_dnsbl_sites, 0, 0,
        VAR_PSC_DNSBL_ACTION, DEF_PSC_DNSBL_ACTION, &var_psc_dnsbl_action, 1, 0,
        VAR_PSC_PIPEL_ACTION, DEF_PSC_PIPEL_ACTION, &var_psc_pipel_action, 1, 0,
        VAR_PSC_NSMTP_ACTION, DEF_PSC_NSMTP_ACTION, &var_psc_nsmtp_action, 1, 0,
        VAR_PSC_BARLF_ACTION, DEF_PSC_BARLF_ACTION, &var_psc_barlf_action, 1, 0,
        VAR_PSC_ACL, DEF_PSC_ACL, &var_psc_acl, 0, 0,
        VAR_PSC_BLIST_ACTION, DEF_PSC_BLIST_ACTION, &var_psc_blist_action, 1, 0,
        VAR_PSC_FORBID_CMDS, DEF_PSC_FORBID_CMDS, &var_psc_forbid_cmds, 0, 0,
        VAR_PSC_EHLO_DIS_WORDS, DEF_PSC_EHLO_DIS_WORDS, &var_psc_ehlo_dis_words, 0, 0,
        VAR_PSC_EHLO_DIS_MAPS, DEF_PSC_EHLO_DIS_MAPS, &var_psc_ehlo_dis_maps, 0, 0,
        VAR_PSC_DNSBL_REPLY, DEF_PSC_DNSBL_REPLY, &var_psc_dnsbl_reply, 0, 0,
        VAR_PSC_TLS_LEVEL, DEF_PSC_TLS_LEVEL, &var_psc_tls_level, 0, 0,
        VAR_PSC_CMD_FILTER, DEF_PSC_CMD_FILTER, &var_psc_cmd_filter, 0, 0,
        VAR_DNSBLOG_SERVICE, DEF_DNSBLOG_SERVICE, &var_dnsblog_service, 1, 0,
        VAR_TLSPROXY_SERVICE, DEF_TLSPROXY_SERVICE, &var_tlsproxy_service, 1, 0,
        VAR_PSC_WLIST_IF, DEF_PSC_WLIST_IF, &var_psc_wlist_if, 0, 0,
        VAR_PSC_UPROXY_PROTO, DEF_PSC_UPROXY_PROTO, &var_psc_uproxy_proto, 0, 0,
        0,
    };
    /* Integer-valued parameters. */
    static const CONFIG_INT_TABLE int_table[] = {
        VAR_PSC_DNSBL_THRESH, DEF_PSC_DNSBL_THRESH, &var_psc_dnsbl_thresh, 0, 0,
        VAR_PSC_DNSBL_WTHRESH, DEF_PSC_DNSBL_WTHRESH, &var_psc_dnsbl_wthresh, 0, 0,
        VAR_PSC_CMD_COUNT, DEF_PSC_CMD_COUNT, &var_psc_cmd_count, 1, 0,
        VAR_SMTPD_CCONN_LIMIT, DEF_SMTPD_CCONN_LIMIT, &var_smtpd_cconn_limit, 0, 0,
        0,
    };
    /* Queue and per-client connection limits (CONFIG_NINT_TABLE rows). */
    static const CONFIG_NINT_TABLE nint_table[] = {
        VAR_PSC_POST_QLIMIT, DEF_PSC_POST_QLIMIT, &var_psc_post_queue_limit, 5, 0,
        VAR_PSC_PRE_QLIMIT, DEF_PSC_PRE_QLIMIT, &var_psc_pre_queue_limit, 10, 0,
        VAR_PSC_CCONN_LIMIT, DEF_PSC_CCONN_LIMIT, &var_psc_cconn_limit, 0, 0,
        0,
    };
    /* Time-valued parameters: test TTLs, cache timing, timeouts. */
    static const CONFIG_TIME_TABLE time_table[] = {
        VAR_PSC_GREET_WAIT, DEF_PSC_GREET_WAIT, &var_psc_greet_wait, 1, 0,
        VAR_PSC_PREGR_TTL, DEF_PSC_PREGR_TTL, &var_psc_pregr_ttl, 1, 0,
        VAR_PSC_DNSBL_MIN_TTL, DEF_PSC_DNSBL_MIN_TTL, &var_psc_dnsbl_min_ttl, 1, 0,
        VAR_PSC_DNSBL_MAX_TTL, DEF_PSC_DNSBL_MAX_TTL, &var_psc_dnsbl_max_ttl, 1, 0,
        VAR_PSC_PIPEL_TTL, DEF_PSC_PIPEL_TTL, &var_psc_pipel_ttl, 1, 0,
        VAR_PSC_NSMTP_TTL, DEF_PSC_NSMTP_TTL, &var_psc_nsmtp_ttl, 1, 0,
        VAR_PSC_BARLF_TTL, DEF_PSC_BARLF_TTL, &var_psc_barlf_ttl, 1, 0,
        VAR_PSC_CACHE_RET, DEF_PSC_CACHE_RET, &var_psc_cache_ret, 1, 0,
        VAR_PSC_CACHE_SCAN, DEF_PSC_CACHE_SCAN, &var_psc_cache_scan, 0, 0,
        VAR_PSC_WATCHDOG, DEF_PSC_WATCHDOG, &var_psc_watchdog, 10, 0,
        VAR_PSC_UPROXY_TMOUT, DEF_PSC_UPROXY_TMOUT, &var_psc_uproxy_tmout, 1, 0,
        VAR_PSC_DNSBL_TMOUT, DEF_PSC_DNSBL_TMOUT, &var_psc_dnsbl_tmout, 1, 0,

        0,
    };
    /* Boolean parameters; these rows carry no trailing integers. */
    static const CONFIG_BOOL_TABLE bool_table[] = {
        VAR_HELO_REQUIRED, DEF_HELO_REQUIRED, &var_helo_required,
        VAR_DISABLE_VRFY_CMD, DEF_DISABLE_VRFY_CMD, &var_disable_vrfy_cmd,
        VAR_SMTPD_USE_TLS, DEF_SMTPD_USE_TLS, &var_smtpd_use_tls,
        VAR_SMTPD_ENFORCE_TLS, DEF_SMTPD_ENFORCE_TLS, &var_smtpd_enforce_tls,
        VAR_PSC_PIPEL_ENABLE, DEF_PSC_PIPEL_ENABLE, &var_psc_pipel_enable,
        VAR_PSC_NSMTP_ENABLE, DEF_PSC_NSMTP_ENABLE, &var_psc_nsmtp_enable,
        VAR_PSC_BARLF_ENABLE, DEF_PSC_BARLF_ENABLE, &var_psc_barlf_enable,
        0,
    };
    /*
     * Raw parameters. post_jail_init() expands var_psc_rej_footer and
     * var_psc_exp_filter itself when the value starts with "$".
     */
    static const CONFIG_RAW_TABLE raw_table[] = {
        VAR_PSC_CMD_TIME, DEF_PSC_CMD_TIME, &var_psc_cmd_time, 1, 0,
        VAR_SMTPD_REJ_FOOTER, DEF_SMTPD_REJ_FOOTER, &var_smtpd_rej_footer, 0, 0,
        VAR_PSC_REJ_FOOTER, DEF_PSC_REJ_FOOTER, &var_psc_rej_footer, 0, 0,
        VAR_SMTPD_EXP_FILTER, DEF_SMTPD_EXP_FILTER, &var_smtpd_exp_filter, 1, 0,
        VAR_PSC_EXP_FILTER, DEF_PSC_EXP_FILTER, &var_psc_exp_filter, 1, 0,
        0,
    };
    /* postscreen counterparts of the smtpd(8) booleans listed above. */
    static const CONFIG_NBOOL_TABLE nbool_table[] = {
        VAR_PSC_HELO_REQUIRED, DEF_PSC_HELO_REQUIRED, &var_psc_helo_required,
        VAR_PSC_DISABLE_VRFY, DEF_PSC_DISABLE_VRFY, &var_psc_disable_vrfy,
        VAR_PSC_USE_TLS, DEF_PSC_USE_TLS, &var_psc_use_tls,
        VAR_PSC_ENFORCE_TLS, DEF_PSC_ENFORCE_TLS, &var_psc_enforce_tls,
        0,
    };

    /*
     * Fingerprint executables and core dumps.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    /*
     * Hand control to the event-driven server skeleton. It receives the
     * parameter tables above, the per-connection service routine
     * (psc_service), the initialization hooks (pre_jail_init,
     * post_jail_init), the pre-accept hook that watches for table changes
     * (pre_accept), the drain and exit handlers (psc_drain, psc_dump) and
     * the watchdog interval. No return statement follows this call.
     */
    event_server_main(argc, argv, psc_service,
                      CA_MAIL_SERVER_STR_TABLE(str_table),
                      CA_MAIL_SERVER_INT_TABLE(int_table),
                      CA_MAIL_SERVER_NINT_TABLE(nint_table),
                      CA_MAIL_SERVER_TIME_TABLE(time_table),
                      CA_MAIL_SERVER_BOOL_TABLE(bool_table),
                      CA_MAIL_SERVER_RAW_TABLE(raw_table),
                      CA_MAIL_SERVER_NBOOL_TABLE(nbool_table),
                      CA_MAIL_SERVER_PRE_INIT(pre_jail_init),
                      CA_MAIL_SERVER_POST_INIT(post_jail_init),
                      CA_MAIL_SERVER_PRE_ACCEPT(pre_accept),
                      CA_MAIL_SERVER_SOLITARY,
                      CA_MAIL_SERVER_SLOW_EXIT(psc_drain),
                      CA_MAIL_SERVER_EXIT(psc_dump),
                      CA_MAIL_SERVER_WATCHDOG(&var_psc_watchdog),
                      0);
}
1208